Robust Membership Management for Adhoc Groups - PowerPoint PPT Presentation

Slides: 18
Provided by: camarsK
1
Robust Membership Management for Ad-hoc Groups
  • Silja Mäki, Tuomas Aura, Maarit Hietalahti
  • Helsinki University of Technology, Finland
  • In Proc. 5th NORDSEC 2000, Reykjavik, Iceland,
    October 2000
  • Younghee Park, Calab
  • 12.02.2002

2
Contents
  • Introductions
  • Managing group membership (GMM) with certificates
  • Relations between groups
  • Conclusions

3
Introductions (1/3)
  • A fully distributed, certificate-based system for
    group membership management
  • Group membership management
  • Adding and removing nodes in the group
  • A method for authenticating the group members
  • Group
  • A group of users or network nodes
  • A set of entities that want to communicate with
    each other and to co-operate for some purpose
  • A node may prove its membership in a group also
    to nodes that are not members of the group.

4
Introductions (2/3)
  • Security functions for a group
  • Mutual authentication of group members
  • Authentication of group members to outsiders
  • Authentication of members with special roles in
    the membership management
  • Mutual authentication for group key-exchange
  • In our protocol
  • Membership is dynamic
  • Membership protocol must be resistant to
    communications failures
  • All functionality is distributed to avoid single
    points of failure

5
Introductions (3/3)
  • Our scheme for group membership management
  • On public key cryptography and on the use of
    signed certificates
  • Members' public signature keys
  • Each group has a public signature key
  • Certificates signed by the group key are used to
    indicate the membership of the nodes
  • Certificates
  • A message signed with the private key of a
    certifier
  • Key-oriented: leader's public key
  • Certification chains
  • An expiration date

6
GMM with certificates (1/8)
  • Based on public-key signatures and on the use of
    public-key certificates
  • Group members are identified by their public keys
  • A public key representing the group
  • Leaders have the right to admit new members to the
    group
  • Group members possess a membership certificate
  • The certificate is signed by a leader of the
    group

7
GMM with certificates (2/8)
  • The basic group structure
  • Membership certificate
  • The group identifier (i.e. the public group key)
  • The public member key
  • A validity period
  • A signature signed with the group key

8
GMM with certificates (3/8)
  • Increased robustness with multiple leaders
  • Leaders may admit new members and new leaders to
    the group by signing certificates with their own
    keys

9
GMM with certificates (4/8)
  • Increased robustness with multiple leaders
  • To prove membership in the group
  • A member that has been certified directly by
    the group key
  • Member's private key and membership certificate
  • A member that has been certified by another
    leader
  • A chain of certificates is formed from the group
    key to each member key
  • All certificates in the path from the group key
    to its member key
  • Adding of leaders and members to the group
  • A tree structure
  • Group key: root
  • Members without leader: leaves

10
GMM with certificates (5/8)
  • Protection against the compromise of keys
  • Group reconstitution
  • A new group key
  • New membership and leader certificates (to old
    members)
  • Conceptual simplicity
  • The primary protection against compromised
    members
  • The removal of untrusted members
  • Membership expiration
  • Membership revocation

11
GMM with certificates (6/8)
  • The removal of untrusted members
  • Membership revocation
  • Enables the network to react immediately against
    the possibility of security failure
  • Information about the revocation must be
    propagated to all the parts of the system where
    relevant certificates
  • All the leaders of a group
  • The right to revoke themselves and any other
    leaders and members of the same group
  • By signing revocation lists of group-key pairs
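
The membership check outlined on slides 7 to 11 (certificate chain from the group key, validity period, revocation), as an added example that is not code from the presentation or the paper. Toy textbook RSA stands in for a real signature scheme, the `role` field and all function names are hypothetical, and the revoked set is assumed to come from a revocation list whose leader signature was already checked.

```python
import hashlib

# Toy textbook RSA over small Mersenne primes stands in for a real signature
# scheme so the example runs offline. Constructed keys; not for real use.
def keypair(a, b, e=65537):
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def digest(body, n):
    return int.from_bytes(hashlib.sha256(repr(body).encode()).digest(), "big") % n

def verify(pub, body, sig):
    return pow(sig, pub[1], pub[0]) == digest(body, pub[0])

def issue(issuer_pub, issuer_priv, subject_pub, role, not_after):
    # Certificate fields follow slide 7, plus a hypothetical "role" field.
    body = (issuer_pub, subject_pub, role, not_after)
    n, d = issuer_priv
    return {"body": body, "sig": pow(digest(body, n), d, n)}

def check_chain(group_pub, chain, member_pub, now, revoked=frozenset()):
    """Walk the certificates from the group key down to member_pub."""
    signer = group_pub
    for i, cert in enumerate(chain):
        issuer, subject, role, not_after = cert["body"]
        if issuer != signer or not verify(signer, cert["body"], cert["sig"]):
            return False  # broken link or bad signature
        if now > not_after or subject in revoked:
            return False  # expired or revoked
        if i < len(chain) - 1 and role != "leader":
            return False  # only leaders may certify others
        signer = subject
    return bool(chain) and signer == member_pub

def demo():
    # Constructed keys: group, leader, member, outsider.
    (G, gk), (L, lk), (M, mk), (X, _) = (keypair(31, 61), keypair(89, 107),
                                         keypair(19, 127), keypair(13, 17))
    chain = [issue(G, gk, L, "leader", 200), issue(L, lk, M, "member", 200)]
    rogue = chain + [issue(M, mk, X, "member", 200)]  # member acting as leader
    return {
        "valid": check_chain(G, chain, M, now=100),
        "expired": check_chain(G, chain, M, now=300),
        "leader_revoked": check_chain(G, chain, M, now=100, revoked={L}),
        "member_issued": check_chain(G, rogue, X, now=100),
    }
```

Revoking the leader's key invalidates every chain that passes through it, which is the failure mode the redundant certificates on the following slides address.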

12
GMM with certificates (7/8)
  • With erased group keys and redundant certificates
  • The effects of removing possibly corrupted
    leaders
  • Erasing the group key
  • Issuing redundant certificates

13
GMM with certificates (8/8)
  • Issuing redundant certificates

14
Relations between groups (1/3)
  • Public-key certificates
  • One group may be a subgroup of the other
  • A subgroup is a group that has its own
    management as a part of another group
  • Subgroup relations
  • Subgroup certificates
  • Supergroup
  • The group whose leader issued the subgroup
    certificate
  • Subgroup leader
  • Admits new members and revokes memberships in the
    subgroup

15
Relations between groups (2/3)
  • Membership of a group is transitive
  • The leadership is not transitive
  • Subgroup leaders do not become leaders of the
    supergroup
  • The subgroup is independent
  • Subgroups and revocation
  • The membership management functions as simple and
    local as possible

16
Relations between groups (3/3)

17
Conclusions
  • A robust protocol for managing groups in ad-hoc
    networks
  • A fully distributed, certificate-based system
  • Open question
  • Optimal best effort revocation procedure and
    relation of the groups with routing and network
    management
  • A shared secret key does not protect the group
    members from impersonation by each other
  • Certificate
  • Threshold schemes